Web xKaliBurr: An Online Platform for Information Gathering in Internet Application Pentesting
Abstract
The Information Gathering stage in web pentests is crucial as it lays the foundation for all subsequent activities. However, comprehensive information gathering requires the manual use of various tools that demand advanced technical knowledge. We propose Web xKaliBurr, an open-source web tool that automates the information gathering stage. With a user-friendly interface, the tool performs extensive scans from the site’s URL, providing a wide range of information and recommendations, allowing users without advanced knowledge to assess their site’s security and detect potential flaws or vulnerabilities.
Published
2024-09-16
How to Cite
BARROS, Daniel R.; CABRAL, Lucas; OLIVEIRA, João V. A.; CASTRO, Felipe M.; SOARES, Lucas L.; MONTEIRO, José M.; BENTO, Joaquim; ROCHA, Lincoln S. Web xKaliBurr: An Online Platform for Information Gathering in Internet Application Pentesting. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 177-184. DOI: https://doi.org/10.5753/sbseg_estendido.2024.242014.
